
Trojan horse virus Win32/Wigon.D

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Trojan horse virus Win32/Wigon.D

Post by cassathecaptain » 13/02/07 15:38

Hi guys, I have a problem with this virus: Trojan horse Win32/Wigon.D found in operating memory. Memory infection originating from the file C:\WINDOWS\system32\wsys.dll.

When I open Nod32, which is of course up to date, it detects this virus! Since it is in operating memory it can't delete it!

So I went looking for the infected file wsys.dll and, after analysing it, I managed to delete it! In fact, when Windows restarted, Nod32 no longer detected it!

The problem is that at the next restart I find it again!!!

Can you help me?? Thanks in advance
cassathecaptain
Junior Member

Posts: 31
Joined: 16/01/07 19:34


Post by Luke57 » 13/02/07 16:58

Hi, this malware installs a rootkit.
Download Gmer from here: http://www.majorgeeks.com/GMER_d5198.html
Unzip the .zip file and run gmer.exe with all other applications closed.
To get to Advanced, press the >>>> tab. Then choose the Rootkit tab, tick the ADS box and the Files box, and run a full Scan. When it finishes, click Copy and paste the report into a text file.
Go back to Gmer, press the Autostart tab (do not tick the "show all" box) and press Scan. When it finishes, click Copy and paste the report into the same text file.
Then copy and paste the two reports into a post on the forum.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

gmer scan result

Post by cassathecaptain » 13/02/07 17:59

GMER 1.0.12.12027 - http://www.gmer.net
Rootkit scan 2007-02-13 17:22:26
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT sptd.sys ZwCreateKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT sptd.sys ZwSetValueKey

---- Kernel code sections - GMER 1.0.12 ----

.text USBPORT.SYS!DllUnload F709C62C 5 Bytes JMP 863FD1B8

---- User code sections - GMER 1.0.12 ----

.text C:\WINDOWS\system32\csrss.exe[468] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[468] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\csrss.exe[468] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\csrss.exe[468] KERNEL32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\csrss.exe[468] KERNEL32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[496] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[496] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[496] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[496] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[496] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\services.exe[540] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[540] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\services.exe[540] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\services.exe[540] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\services.exe[540] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\lsass.exe[552] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[552] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\lsass.exe[552] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\lsass.exe[552] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\lsass.exe[552] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\ati2evxx.exe[708] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ati2evxx.exe[708] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\ati2evxx.exe[708] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\ati2evxx.exe[708] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\ati2evxx.exe[708] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[736] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[736] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[736] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\svchost.exe[736] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[736] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[888] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[888] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[940] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[940] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1188] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1188] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1188] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1188] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1188] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\ati2evxx.exe[1384] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ati2evxx.exe[1384] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\ati2evxx.exe[1384] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\ati2evxx.exe[1384] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\ati2evxx.exe[1384] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Programmi\iPod\bin\iPodService.exe[1404] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\iPod\bin\iPodService.exe[1404] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programmi\iPod\bin\iPodService.exe[1404] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Programmi\iPod\bin\iPodService.exe[1404] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Programmi\iPod\bin\iPodService.exe[1404] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Programmi\iPod\bin\iPodService.exe[1404] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes [ BD, 55, 7F, E2 ]
.text C:\WINDOWS\explorer.exe[1532] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\explorer.exe[1532] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\explorer.exe[1532] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\explorer.exe[1532] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\explorer.exe[1532] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[1620] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[1620] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[1620] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[1620] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[1620] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[1628] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[1628] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[1628] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[1628] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[1628] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Programmi\HPQ\Quick Launch Buttons\eabservr.exe[1644] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\HPQ\Quick Launch Buttons\eabservr.exe[1644] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programmi\HPQ\Quick Launch Buttons\eabservr.exe[1644] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Programmi\HPQ\Quick Launch Buttons\eabservr.exe[1644] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Programmi\HPQ\Quick Launch Buttons\eabservr.exe[1644] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe[1652] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe[1652] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe[1652] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe[1652] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe[1652] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Programmi\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe[1660] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe[1660] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programmi\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe[1660] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Programmi\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe[1660] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Programmi\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe[1660] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Programmi\ESET\nod32kui.exe[1668] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\ESET\nod32kui.exe[1668] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programmi\ESET\nod32kui.exe[1668] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Programmi\ESET\nod32kui.exe[1668] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Programmi\ESET\nod32kui.exe[1668] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe[1676] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe[1676] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe[1676] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe[1676] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe[1676] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Programmi\iTunes\iTunesHelper.exe[1704] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\iTunes\iTunesHelper.exe[1704] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programmi\iTunes\iTunesHelper.exe[1704] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Programmi\iTunes\iTunesHelper.exe[1704] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Programmi\iTunes\iTunesHelper.exe[1704] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Programmi\QuickTime\qttask.exe[1712] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\QuickTime\qttask.exe[1712] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programmi\QuickTime\qttask.exe[1712] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Programmi\QuickTime\qttask.exe[1712] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Programmi\QuickTime\qttask.exe[1712] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\DOCUME~1\Emanuele\IMPOST~1\Temp\dtkxaa.exe[1740] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\DOCUME~1\Emanuele\IMPOST~1\Temp\dtkxaa.exe[1740] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\DOCUME~1\Emanuele\IMPOST~1\Temp\dtkxaa.exe[1740] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\DOCUME~1\Emanuele\IMPOST~1\Temp\dtkxaa.exe[1740] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\DOCUME~1\Emanuele\IMPOST~1\Temp\dtkxaa.exe[1740] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[1840] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[1840] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[1840] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[1840] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[1840] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1872] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1872] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1872] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1872] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1872] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1872] kernel32.dll!SetUnhandledExceptionFilter 7C810386 5 Bytes JMP 004DE392 C:\Programmi\MSN Messenger\MsnMsgr.Exe
.text C:\Programmi\ESET\nod32krn.exe[1960] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\ESET\nod32krn.exe[1960] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programmi\ESET\nod32krn.exe[1960] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Programmi\ESET\nod32krn.exe[1960] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Programmi\ESET\nod32krn.exe[1960] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Programmi\MSN Messenger\usnsvc.exe[2068] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\MSN Messenger\usnsvc.exe[2068] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programmi\MSN Messenger\usnsvc.exe[2068] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Programmi\MSN Messenger\usnsvc.exe[2068] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Programmi\MSN Messenger\usnsvc.exe[2068] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Programmi\MSN Messenger\usnsvc.exe[2068] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes [ BD, 55, 7F, E2 ]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2160] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2160] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2160] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2160] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2160] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2160] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes [ BD, 55, 7F, E2 ]
.text C:\WINDOWS\system32\alg.exe[2372] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\alg.exe[2372] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\alg.exe[2372] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\alg.exe[2372] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\alg.exe[2372] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\alg.exe[2372] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes [ BD, 55, 7F, E2 ]
.text C:\Programmi\HPQ\shared\hpqwmi.exe[2568] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\HPQ\shared\hpqwmi.exe[2568] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programmi\HPQ\shared\hpqwmi.exe[2568] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Programmi\HPQ\shared\hpqwmi.exe[2568] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Programmi\HPQ\shared\hpqwmi.exe[2568] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Programmi\HPQ\shared\hpqwmi.exe[2568] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes [ BD, 55, 7F, E2 ]
.text C:\Programmi\Mozilla Firefox\firefox.exe[3408] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Mozilla Firefox\firefox.exe[3408] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programmi\Mozilla Firefox\firefox.exe[3408] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Programmi\Mozilla Firefox\firefox.exe[3408] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Programmi\Mozilla Firefox\firefox.exe[3408] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Programmi\Mozilla Firefox\firefox.exe[3408] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes [ BD, 55, 7F, E2 ]
.text C:\Documents and Settings\Marco\Desktop\gmer.exe[3588] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Marco\Desktop\gmer.exe[3588] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Documents and Settings\Marco\Desktop\gmer.exe[3588] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Documents and Settings\Marco\Desktop\gmer.exe[3588] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Documents and Settings\Marco\Desktop\gmer.exe[3588] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Documents and Settings\Marco\Desktop\gmer.exe[3588] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes [ BD, 55, 7F, E2 ]

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 8657B1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 8657B1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 8657B1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 8657B1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 8657B1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 8657B1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 8657B1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 8657B1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 8657B1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 8657B1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 8657B1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 8657B1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 8657B1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 8657B1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 8657B1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 8657B1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 8657B1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 8657B1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 8657B1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 8657B1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 8657B1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 8657B1D8
Device \Driver\00000031 \Device\00000042 IRP_MJ_POWER [F7456DB6] sptd.sys
Device \Driver\00000031 \Device\00000042 IRP_MJ_SYSTEM_CONTROL [F746C73C] sptd.sys
Device \Driver\00000031 \Device\00000042 IRP_MJ_PNP [F746577E] sptd.sys
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CREATE 863371D8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CLOSE 863371D8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 863371D8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 863371D8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_POWER 863371D8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 863371D8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_PNP 863371D8
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_CREATE 863371D8
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_CLOSE 863371D8
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 863371D8
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 863371D8
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_POWER 863371D8
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 863371D8
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_PNP 863371D8
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_CREATE 863F11D8
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_CLOSE 863F11D8
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_DEVICE_CONTROL 863F11D8
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 863F11D8
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_POWER 863F11D8
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_SYSTEM_CONTROL 863F11D8
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_PNP 863F11D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 8657E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 8657E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 8657E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 8657E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 8657E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8657E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 8657E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 8657E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 8657E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 8657E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 8657E1D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 863ED1D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 863ED1D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 863ED1D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 863ED1D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 863ED1D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 863ED1D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 863ED1D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 863ED1D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 863ED1D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 863ED1D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 863ED1D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 863ED1D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 863ED1D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 863ED1D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 863ED1D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 863ED1D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 863ED1D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 863ED1D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 863ED1D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 863ED1D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 863ED1D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 863ED1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 8657D1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 8657D1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 8657D1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8657D1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 8657D1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 8657D1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 8657D1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 8657D1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE
cassathecaptain
Junior Member

Posts: 31
Joined: 16/01/07 19:34
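The "User code sections" block in the report above is the part that answers the original question: the same byte patch (`FF 25 ...`, an x86 `jmp dword ptr [imm32]`) sits at the entry of NtTerminateProcess, LoadLibraryExW, CreateProcessW and CreateProcessA in every listed process, from csrss.exe through nod32krn.exe to gmer.exe itself, which is why deleting the file on disk does not survive a reboot. Reading several hundred such lines by eye is error-prone, so the following is an added Python example (written for this page, not code from the thread, from GMER or from ESET) that parses lines in that layout, merges GMER's split "`+ N`" continuation lines, decodes the installed jump, and pulls out three triage facts: which APIs are patched in every hooked process, which hooked processes run from a Temp directory, and which entries are a program patching its own image. The sample input is a handful of the report's own lines (one module name re-cased); the interpretation of the "`+ N`" lines as "GMER prints only bytes that differ from the on-disk image, so the skipped byte is unknown from the log alone" is an assumption drawn from the layout and is marked as such in the code.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the GMER 1.0.12 "User code sections" lines
# above (a few of the report's own lines, one module name re-cased); any report
# with this layout parses the same way.
SAMPLE_LOG = r"""
.text C:\WINDOWS\system32\winlogon.exe[496] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[496] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[496] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[496] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\DOCUME~1\Emanuele\IMPOST~1\Temp\dtkxaa.exe[1740] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\DOCUME~1\Emanuele\IMPOST~1\Temp\dtkxaa.exe[1740] KERNEL32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1872] kernel32.dll!SetUnhandledExceptionFilter 7C810386 5 Bytes JMP 004DE392 C:\Programmi\MSN Messenger\MsnMsgr.Exe
"""

# One report line: ".text <process>[pid] <module>!<export>[ + <offset>] <addr> <n> Bytes <patch>"
# where <patch> is either "[ hex, hex, ... ]" or "JMP <target> [<owning image>]".
LINE_RE = re.compile(
    r"^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] "
    r"(?P<mod>[^!\s]+)!(?P<func>\S+)"
    r"(?: \+ (?P<off>\d+))? "
    r"(?P<addr>[0-9A-F]{8}) (?P<n>\d+) Bytes "
    r"(?P<rest>.+)$"
)


def parse_user_hooks(text):
    """Turn each '.text' line into a dict; lines in any other layout are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = {"proc": m["proc"], "pid": int(m["pid"]), "mod": m["mod"].lower(),
               "func": m["func"], "off": int(m["off"] or 0), "addr": int(m["addr"], 16),
               "bytes": None, "jmp_target": None, "jmp_owner": None}
        rest = m["rest"]
        if rest.startswith("["):
            rec["bytes"] = [int(b, 16) for b in re.findall(r"[0-9A-Fa-f]{2}", rest)]
        elif rest.startswith("JMP "):
            parts = rest.split(maxsplit=2)
            rec["jmp_target"] = int(parts[1], 16)
            rec["jmp_owner"] = parts[2] if len(parts) > 2 else None
        records.append(rec)
    return records


def merge_hooks(records):
    """Group records per (pid, process, module, export). Assumption drawn from the
    layout: GMER lists only bytes that differ from the on-disk image and starts a
    new '+ N' line after each unchanged byte, so offsets the report never showed
    stay absent from the patch map and are printed as '??'."""
    hooks = {}
    for r in records:
        key = (r["pid"], r["proc"], r["mod"], r["func"])
        h = hooks.setdefault(key, {"addr": r["addr"] - r["off"], "patch": {},
                                   "jmp_target": None, "jmp_owner": None})
        if r["bytes"] is not None:
            for i, b in enumerate(r["bytes"]):
                h["patch"][r["off"] + i] = b
        else:
            h["jmp_target"], h["jmp_owner"] = r["jmp_target"], r["jmp_owner"]
    return hooks


def describe_patch(addr, patch):
    """Decode the instruction the patch installs at the export's entry point."""
    if not patch:
        return "no patch bytes"
    if patch.get(0) == 0xFF and patch.get(1) == 0x25:           # jmp dword ptr [imm32]
        imm = [patch.get(i) for i in range(2, 6)]
        return "jmp dword ptr [0x%s]" % "".join(
            "??" if b is None else "%02X" % b for b in reversed(imm))
    if patch.get(0) == 0xE9:                                     # jmp rel32
        imm = [patch.get(i) for i in range(1, 5)]
        if None in imm:
            return "jmp rel32 (target bytes incomplete)"
        rel = int.from_bytes(bytes(imm), "little", signed=True)
        return "jmp 0x%08X" % ((addr + 5 + rel) & 0xFFFFFFFF)
    shown = " ".join("%02X" % patch[i] if i in patch else "??" for i in range(max(patch) + 1))
    return "patched bytes " + shown


def triage(text):
    """Per-process decoded hooks plus three things to check first in a report like this."""
    hooks = merge_hooks(parse_user_hooks(text))
    per_process, self_hooks, temp_procs = defaultdict(list), [], set()
    for (pid, proc, mod, func), h in hooks.items():
        api = "%s!%s" % (mod, func)
        if h["patch"]:
            per_process[(pid, proc)].append((api, describe_patch(h["addr"], h["patch"])))
        elif h["jmp_owner"] and h["jmp_owner"].lower() == proc.lower():
            # GMER resolved the jump into the process's own image: the program patching
            # itself (a crash handler is typical), not code injected from elsewhere.
            self_hooks.append((pid, proc, api))
        if "\\temp\\" in proc.lower():
            temp_procs.add(proc)      # a hooked process running out of a Temp directory
    api_sets = [{api for api, _ in v} for v in per_process.values()]
    return {"per_process": dict(per_process),
            "common_apis": set.intersection(*api_sets) if api_sets else set(),
            "self_hooks": self_hooks,
            "temp_processes": sorted(temp_procs)}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for (pid, proc), entries in result["per_process"].items():
        print("%s [%d]" % (proc, pid))
        for api, desc in entries:
            print("  %-40s %s" % (api, desc))
    print("patched in every hooked process:", sorted(result["common_apis"]))
    print("hooked processes living in a Temp directory:", result["temp_processes"])
    print("programs patching their own image:", result["self_hooks"])
```

Run against the full report, the output gives the same picture the moderator summarised in one word: the same indirect jump through a small set of pointer slots is present in every process, including the anti-virus service and the scanner, which is the signature of a system-wide user-mode hook rather than of one compromised program. The process launched from the user's Temp directory with a random-looking name is the entry to look at first; the msnmsgr.exe SetUnhandledExceptionFilter entry, which GMER resolves into MsnMsgr.Exe itself, is the one to discount. The example deliberately ignores the kernel-side "System" and "Devices" blocks: the SSDT entries there belong to sptd.sys, the SCSI pass-through driver shipped with CD-emulation software such as Daemon Tools or Alcohol, which hooks the registry syscalls by design, and they need to be read separately from the user-mode patches.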

missing piece of the gmer scan

Post by cassathecaptain » 13/02/07 18:01

Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 863371D8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 863371D8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_POWER 863371D8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 863371D8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_PNP 863371D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{08CC5F32-3C35-4690-BEB0-B1A1B4D804C2} IRP_MJ_CREATE 8628D1D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{08CC5F32-3C35-4690-BEB0-B1A1B4D804C2} IRP_MJ_CLOSE 8628D1D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{08CC5F32-3C35-4690-BEB0-B1A1B4D804C2} IRP_MJ_DEVICE_CONTROL 8628D1D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{08CC5F32-3C35-4690-BEB0-B1A1B4D804C2} IRP_MJ_INTERNAL_DEVICE_CONTROL 8628D1D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{08CC5F32-3C35-4690-BEB0-B1A1B4D804C2} IRP_MJ_CLEANUP 8628D1D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{08CC5F32-3C35-4690-BEB0-B1A1B4D804C2} IRP_MJ_PNP 8628D1D8
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_CREATE 863371D8
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_CLOSE 863371D8
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL 863371D8
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 863371D8
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_POWER 863371D8
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL 863371D8
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_PNP 863371D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 861F11D8
Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_CREATE 863F11D8
Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_CLOSE 863F11D8
Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_DEVICE_CONTROL 863F11D8
Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 863F11D8
Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_POWER 863F11D8
Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_SYSTEM_CONTROL 863F11D8
Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_PNP 863F11D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 861F11D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 861F11D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 8657E1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 8657E1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 8657E1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 8657E1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 8657E1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 8657E1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 8657E1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 8657E1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 8657E1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 8657E1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 8657E1D8
Device \Driver\ayfmmton \Device\Scsi\ayfmmton1Port2Path0Target0Lun0 IRP_MJ_CREATE 863BA388
Device \Driver\ayfmmton \Device\Scsi\ayfmmton1Port2Path0Target0Lun0 IRP_MJ_CLOSE 863BA388
Device \Driver\ayfmmton \Device\Scsi\ayfmmton1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 863BA388
Device \Driver\ayfmmton \Device\Scsi\ayfmmton1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 863BA388
Device \Driver\ayfmmton \Device\Scsi\ayfmmton1Port2Path0Target0Lun0 IRP_MJ_POWER 863BA388
Device \Driver\ayfmmton \Device\Scsi\ayfmmton1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 863BA388
Device \Driver\ayfmmton \Device\Scsi\ayfmmton1Port2Path0Target0Lun0 IRP_MJ_PNP 863BA388
Device \Driver\ayfmmton \Device\Scsi\ayfmmton1 IRP_MJ_CREATE 863BA388
Device \Driver\ayfmmton \Device\Scsi\ayfmmton1 IRP_MJ_CLOSE 863BA388
Device \Driver\ayfmmton \Device\Scsi\ayfmmton1 IRP_MJ_DEVICE_CONTROL 863BA388
Device \Driver\ayfmmton \Device\Scsi\ayfmmton1 IRP_MJ_INTERNAL_DEVICE_CONTROL 863BA388
Device \Driver\ayfmmton \Device\Scsi\ayfmmton1 IRP_MJ_POWER 863BA388
Device \Driver\ayfmmton \Device\Scsi\ayfmmton1 IRP_MJ_SYSTEM_CONTROL 863BA388
Device \Driver\ayfmmton \Device\Scsi\ayfmmton1 IRP_MJ_PNP 863BA388
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 86222990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 86222990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 86222990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 86222990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 86222990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 86222990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 86222990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 86222990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 86222990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 86222990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 86222990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 86222990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 86222990

---- Registry - GMER 1.0.12 ----

Reg \Registry\USER\S-1-5-21-2025429265-842925246-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C41CA748-21DD-D379-DA64-059D3197149B}@abnmdkmgacfijgmfpaiioognginggelgpl 0x61 0x61 0x00 0x00
Reg \Registry\USER\S-1-5-21-2025429265-842925246-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C41CA748-21DD-D379-DA64-059D3197149B}@bbnmdkmgacfijgmfpahidfjddopkceokpbmo 0x61 0x61 0x00 0x00

---- EOF - GMER 1.0.12 ----
GMER 1.0.12.12027 - http://www.gmer.net
Autostart scan 2007-02-13 17:23:28
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent@DLLName = Ati2evxx.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe
NOD32krn /*NOD32 Kernel Service*/@ = "C:\Programmi\Eset\nod32krn.exe"
SDhelper /*PC Tools Spyware Doctor*/@ = C:\Programmi\Spyware Doctor\sdhelp.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
SrvKsr /*SrvKsr*/@ = "\\?\C:\Programmi\File comuni\System\lpt7.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SynTPEnhC:\Programmi\Synaptics\SynTP\SynTPEnh.exe = C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
@ATIPTA"C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" = "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
@CpqsetC:\Programmi\HPQ\Default Settings\cpqset.exe ? ??? 2 5 2 4 ???? ??B ? ??hLC ? ???? = C:\Programmi\HPQ\Default Settings\cpqset.exe ? ??? 2 5 2 4 ???? ??B ? ??hLC ? ????
@eabconfg.cplC:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start /*file not found*/ = C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start /*file not found*/
@SunJavaUpdateSchedC:\Programmi\Java\jre1.5.0_05\bin\jusched.exe = C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
@hpWirelessAssistantC:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe = C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
@nod32kui"C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE = "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
@RemoteControlC:\Programmi\CyberLink\PowerDVD\PDVDServ.exe = C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@iTunesHelper"C:\Programmi\iTunes\iTunesHelper.exe" = "C:\Programmi\iTunes\iTunesHelper.exe"
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@DAEMON Tools"C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033 = "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
@dtkxaa.exeC:\DOCUME~1\Emanuele\IMPOST~1\Temp\dtkxaa.exe = C:\DOCUME~1\Emanuele\IMPOST~1\Temp\dtkxaa.exe
@KernelFaultCheck%systemroot%\system32\dumprep 0 -k = %systemroot%\system32\dumprep 0 -k

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@MsnMsgr"C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background = "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
@Spyware Doctor"C:\Programmi\Spyware Doctor\swdoctor.exe" /Q = "C:\Programmi\Spyware Doctor\swdoctor.exe" /Q

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{2F603045-309F-11CF-9774-0020AFD0CFF6} /*Synaptics Control Panel*/C:\Programmi\Synaptics\SynTP\SynTPCpl.dll = C:\Programmi\Synaptics\SynTP\SynTPCpl.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{B089FE88-FB52-11D3-BDF1-0050DA34150D} /*NOD32 Context Menu Shell Extension*/C:\Programmi\Eset\nodshex.dll = C:\Programmi\Eset\nodshex.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.1.0178.00.dll = C:\Programmi\MSN Messenger\fsshext.8.1.0178.00.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Programmi\iTunes\iTunesMiniPlayer.dll = C:\Programmi\iTunes\iTunesMiniPlayer.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/(null) =
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{0561EC90-CE54-4f0c-9C55-E226110A740C} /*Haali Column Provider*/C:\Programmi\Combined Community Codec Pack\Filters\Haali\mmfinfo.dll = C:\Programmi\Combined Community Codec Pack\Filters\Haali\mmfinfo.dll
@{E4D8441D-F89C-4b5c-90AC-A857E1768F1F} /*Haali Matroska Thumbnail Exctractor*/(null) =

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
NOD32 Context Menu Shell Extension@{B089FE88-FB52-11D3-BDF1-0050DA34150D} = C:\Programmi\Eset\nodshex.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
NOD32 Context Menu Shell Extension@{B089FE88-FB52-11D3-BDF1-0050DA34150D} = C:\Programmi\Eset\nodshex.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{02478D38-C3F9-4EFB-9B51-7695ECA05670}C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll = C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443}C:\Programmi\Yetisports\IEButtonYetiSportsEBayInterface.dll = C:\Programmi\Yetisports\IEButtonYetiSportsEBayInterface.dll
@{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33}C:\Programmi\vmntoolbar\vmntoolbar.dll = C:\Programmi\vmntoolbar\vmntoolbar.dll
@{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll = C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{B56A7D7D-6927-48C8-A975-17DF180C71AC}C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll = C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
@{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}C:\Programmi\Windows Live Toolbar\msntb.dll = C:\Programmi\Windows Live Toolbar\msntb.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.hp.com = http://www.hp.com
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://runonce.msn.com/?v=msgrv75 = http://runonce.msn.com/?v=msgrv75
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = C:\WINDOWS\system32\imon.dll
000000000002@PackedCatalogItem = C:\WINDOWS\system32\imon.dll
000000000003@PackedCatalogItem = C:\WINDOWS\system32\imon.dll
000000000004@PackedCatalogItem = C:\WINDOWS\system32\imon.dll
000000000005@PackedCatalogItem = C:\WINDOWS\system32\imon.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021@PackedCatalogItem = C:\WINDOWS\system32\imon.dll

C:\Documents and Settings\Marco\Menu Avvio\Programmi\Esecuzione automatica = C'è Posta.lnk

---- EOF - GMER 1.0.12 ----

thanks
cassathecaptain
Junior User
Posts: 31
Joined: 16/01/07 19:34

missing piece of the gmer scan

Post by cassathecaptain » 13/02/07 18:02

Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 863371D8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 863371D8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_POWER 863371D8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 863371D8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_PNP 863371D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{08CC5F32-3C35-4690-BEB0-B1A1B4D804C2} IRP_MJ_CREATE 8628D1D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{08CC5F32-3C35-4690-BEB0-B1A1B4D804C2} IRP_MJ_CLOSE 8628D1D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{08CC5F32-3C35-4690-BEB0-B1A1B4D804C2} IRP_MJ_DEVICE_CONTROL 8628D1D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{08CC5F32-3C35-4690-BEB0-B1A1B4D804C2} IRP_MJ_INTERNAL_DEVICE_CONTROL 8628D1D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{08CC5F32-3C35-4690-BEB0-B1A1B4D804C2} IRP_MJ_CLEANUP 8628D1D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{08CC5F32-3C35-4690-BEB0-B1A1B4D804C2} IRP_MJ_PNP 8628D1D8
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_CREATE 863371D8
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_CLOSE 863371D8
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL 863371D8
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 863371D8
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_POWER 863371D8
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL 863371D8
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_PNP 863371D8
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://runonce.msn.com/?v=msgrv75 = http://runonce.msn.com/?v=msgrv75
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = C:\WINDOWS\system32\imon.dll
000000000002@PackedCatalogItem = C:\WINDOWS\system32\imon.dll
000000000003@PackedCatalogItem = C:\WINDOWS\system32\imon.dll
000000000004@PackedCatalogItem = C:\WINDOWS\system32\imon.dll
000000000005@PackedCatalogItem = C:\WINDOWS\system32\imon.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021@PackedCatalogItem = C:\WINDOWS\system32\imon.dll

C:\Documents and Settings\Marco\Menu Avvio\Programmi\Esecuzione automatica = C'è Posta.lnk

---- EOF - GMER 1.0.12 ----

Thanks
cassathecaptain
Junior Member
 
Posts: 31
Joined: 16/01/07 19:34

Post by Luke57 » 13/02/07 19:41

Hi, I don't know whether this will be enough, but anyway:
download Avenger to the desktop
http://swandog46.geekstogo.com/avenger.zip
unzip the .zip file, extracting all the files.
Run the file avenger.exe
Select the option "Input Script Manually"
Click on the magnifying glass

A "View/edit script" window opens
Inside the white box, copy and paste the text in bold:

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs


registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\SrvKsr

registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | dtkxaa.exe

Folders to delete:
C:\windows\temp

Files to delete:
C:\Programmi\File comuni\System\lpt7.exe
C:\DOCUME~1\Emanuele\IMPOST~1\Temp\dtkxaa.exe



Click the Done button
Click the green traffic light icon
Answer Yes twice
The PC should reboot by itself; if it doesn't, reboot it manually

Post the Avenger log (C:/avenger.txt) with the result of the script
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10

Avenger logfile

Post by cassathecaptain » 13/02/07 20:00

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\rgkecwov

*******************

Script file located at: \??\C:\Program Files\qxvixyro.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKLM\SYSTEM\CurrentControlSet\Services\SrvKsr deleted successfully.
Folder C:\windows\temp deleted successfully.
File C:\Programmi\File comuni\System\lpt7.exe deleted successfully.
File C:\DOCUME~1\Emanuele\IMPOST~1\Temp\dtkxaa.exe deleted successfully.


Here is the log file

Base registry key for value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs not found!
Replacement with dummy of registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs failed!
Status: 0xc0000034

Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|dtkxaa.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



Besides the logfile, this registry window appeared:

C:\WINDOWS\system32\cmd.exe

here is the text:



C:\avenger\2.reg



C:\avenger\3.reg


1 file copiati.
Impossibile cambiare l'attributo - C:\avenger\lpt7.exe
zip warning: C:/backup.zip not found or empty
adding: avenger/avenger.txt (188 bytes security) (deflated 71%)
adding: avenger/backup.reg (188 bytes security) (deflated 64%)
adding: avenger/dtkxaa.exe (164 bytes security) (deflated 3%)
adding: avenger/lpt7.exe
zip warning: No such file or directory
zip warning: could not open for reading: avenger/lpt7.exe
adding: avenger/temp/ (232 bytes security) (stored 0%)
adding: avenger/temp/54984.sys (120 bytes security) (deflated 46%)
adding: avenger/temp/55000.sys (120 bytes security) (deflated 46%)
adding: avenger/temp/55046.sys (120 bytes security) (deflated 46%)
adding: avenger/temp/55250.sys (120 bytes security) (deflated 46%)
adding: avenger/temp/55265.sys (120 bytes security) (deflated 46%)
adding: avenger/temp/55296.sys (120 bytes security) (deflated 46%)
adding: avenger/temp/55468.sys (120 bytes security) (deflated 46%)
adding: avenger/temp/55640.sys (120 bytes security) (deflated 46%)
adding: avenger/temp/55890.sys (120 bytes security) (deflated 46%)
adding: avenger/temp/55921.sys (120 bytes security) (deflated 46%)
adding: avenger/temp/56390.sys (120 bytes security) (deflated 46%)
adding: avenger/temp/56843.sys (120 bytes security) (deflated 46%)
adding: avenger/temp/BITC7.tmp (120 bytes security) (deflated 100%)
adding: avenger/temp/cel90xbe.sys (120 bytes security) (deflated 46%)
adding: avenger/temp/services.exe (120 bytes security) (deflated 44%)
c:\avenger\lpt7.exe - Impossibile trovare il file specificato.
Sottodirectory o file C:\avenger già esistente.
C:\backup.zip
Impossibile trovare C:\reboot.exe
Impossibile trovare C:\reboot.bat
Impossibile trovare il file batch.

Thanks
cassathecaptain
Junior Member
 
Posts: 31
Joined: 16/01/07 19:34
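The moderator asks for the Avenger log "with the result of the script" because each script line either succeeds or fails, and a failure (like the AppInit_DLLs replacement above, status 0xc0000034) means that persistence point was not cleaned. The following Python is an added example, not code from the thread or from Avenger: it parses the log wording shown on this page into a per-action result list and maps the NTSTATUS code to its standard name, so a helper can see at a glance what is left to handle. It assumes Avenger's success/failure lines keep the wording shown above; the sample log is constructed from those lines.

```python
"""Triage an Avenger log: which script actions succeeded, which failed and why."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Standard Windows NTSTATUS values; Avenger prints the raw code after a failure.
NTSTATUS_NAMES = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",  # key/value does not exist (or is hidden)
    0xC0000022: "STATUS_ACCESS_DENIED",
}

# Line shapes taken from the log posted above (assumed to be Avenger's fixed wording).
SUCCESS_RE = re.compile(r"^(Registry key|Registry value|File|Folder) (.+) deleted successfully\.$")
FAIL_RE = re.compile(r"^(Replacement with dummy of registry value) (.+) failed!$")
STATUS_RE = re.compile(r"^Status: (0x[0-9A-Fa-f]+)$")

# Constructed sample: the action lines from the log in this thread.
SAMPLE_LOG = r"""
Registry key HKLM\SYSTEM\CurrentControlSet\Services\SrvKsr deleted successfully.
Folder C:\windows\temp deleted successfully.
File C:\Programmi\File comuni\System\lpt7.exe deleted successfully.
File C:\DOCUME~1\Emanuele\IMPOST~1\Temp\dtkxaa.exe deleted successfully.
Base registry key for value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs not found!
Replacement with dummy of registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs failed!
Status: 0xc0000034
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|dtkxaa.exe deleted successfully.
"""

@dataclass
class Action:
    kind: str                      # "Registry key", "File", "Replacement with dummy ..."
    target: str                    # path or "key|value" named in the script
    ok: bool
    status: Optional[int] = None   # NTSTATUS from the "Status:" line after a failure

    @property
    def status_name(self) -> str:
        if self.status is None:
            return ""
        return NTSTATUS_NAMES.get(self.status, f"0x{self.status:08X}")

def parse_avenger_log(text: str) -> List[Action]:
    """Return one Action per script result line, attaching Status codes to failures."""
    actions: List[Action] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := SUCCESS_RE.match(line):
            actions.append(Action(m.group(1), m.group(2), True))
        elif m := FAIL_RE.match(line):
            actions.append(Action(m.group(1), m.group(2), False))
        elif (m := STATUS_RE.match(line)) and actions and not actions[-1].ok:
            actions[-1].status = int(m.group(1), 16)   # belongs to the last failure
    return actions

def failed_actions(actions: List[Action]) -> List[Action]:
    """The script lines that still need attention (here: the AppInit_DLLs value)."""
    return [a for a in actions if not a.ok]
```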
